URLhaus Database

You are currently viewing the URLhaus database entry for http://144.172.109.62/Orbt/Orbt.ppc which is being or has been used to serve malware. Please consider that URLhaus does not differentiate between websites that have been compromised by hackers and such that has been setup by cybercriminals for the sole purpose of serving malware.

Database Entry

Add tag Remove tag Perform URL rescan Delete this URL Report a False Positive
ID:3682114
URL: http://144.172.109.62/Orbt/Orbt.ppc
URL Status:Offline
Host: 144.172.109.62
Date added:2025-10-20 06:35:19 UTC
Last online:2025-10-28 23:XX:XX UTC
Threat:Malware download Malware download
Reporter: abuse_ch
Abuse complaint sent (?): Yes (2025-10-20 06:36:13 UTC to abuse-reports{at}cloudzy[dot]com)
Takedown time:8 days, 16 hours, 45 minutes Bad (down since 2025-10-28 23:21:21 UTC)
Tags:elf gafgyt link mirai link ua-wget

Payload delivery

The table below documents all payloads that URLhaus retrieved from this particular URL.

FirstseenFilenameFile TypePayload (SHA256)VTBazaarSignature
2025-10-28Orbt.ppcelf 2541e7c6889f9f3322ac0a8eda7f15f46b8c4f8d742953235d8818a41245e62bn/aGafgyt
2025-10-26Orbt.ppcelf ff35ec93488c408f30af4c15a0d606ca6b1794452c477dbb8a607b33ea85e9abVirustotal results 40.00%Mirai
2025-10-24Orbt.ppcelf f3fc4707dac94d9bd86324d1a4b1d020b4a68112b7cd1df5e860a8c6e7abe48fn/aMirai
2025-10-23Orbt.ppcelf e27d161776faa154a67d52e51c47e84dcb1fbdfb577cc412b9e84712957e04d3n/aMirai
2025-10-22Orbt.ppcelf f07b9added7db0b9fb167b970e81a61d93a061e31d519042d7d2faa7c1b5be85n/aGafgyt
2025-10-21Orbt.ppcelf f3baa51ef1b2c72ac659a49a7b8a044d5fc01c0593bce0633ca30a2d6ab06899Virustotal results 41.54%Mirai
2025-10-21Orbt.ppcelf 05950e9d453965f9e24a51234ea10ebf45b3245cbef7a1e222c0ec2d0e50d9a7n/aMirai
2025-10-20Orbt.ppcelf cb8d6268605a2f0dc1d64cc7195eaa3c2126aa37440245222b7912ab5905fa31Virustotal results 43.08%Mirai
2025-10-20Orbt.ppcelf 6a60f37a8479d20131b845ab7f06ffe4e5dc38de84a30169fd5c8fc12d5d6781n/aMirai